Tomcat prisma scan vulnerabilities #210

Open
popenc opened this issue Nov 14, 2022 · 1 comment
Labels
vulnerability security vulnerabilities

Comments

popenc (Collaborator) commented Nov 14, 2022

New scans are showing some CVEs for the Tomcat image.

  1. com.thoughtworks.xstream_xstream
     • v1.4.3
     • Fixed in v1.4.16
  2. spring-core_spring-core
     • v4.1.6
     • Fixed in 5.0.5 or 4.3.15
  3. ch.qos.logback_logback-core
     • v1.1.3
     • Fixed in 1.2.0
  4. org.apache.tika_tika-core
     • v1.2
     • Fixed in 1.18

popenc added the vulnerability security vulnerabilities label Nov 14, 2022

popenc (Collaborator, Author) commented Nov 18, 2022

NOTE: The current base image that's worked for us is tomcat:8.5.77-jdk8-openjdk, but it's the one with the above CVEs.
